Information Security Policy, Vulnerability Assessment, and Penetration Testing
Client
A leading national higher education institution in the health field, affiliated with the Santa Casa de Misericórdia de São Paulo.
About the Company
It is one of the most traditional medical schools in Brazil, recognized for its excellence in teaching, research, and training of health professionals. With its strong academic and hospital presence, the institution sought to reinforce its technology governance and information security, ensuring regulatory compliance and the protection of sensitive data in educational and medical contexts.
Challenge

The college faced the following strategic challenges:

  • Implement information security and data privacy policies, in compliance with regulatory requirements (LGPD, healthcare industry standards);
  • Identify and mitigate vulnerabilities in infrastructure, systems, and web applications;
  • Ensure greater cyber resilience in a mission-critical environment that involves sensitive patient and student data;
  • Make available Executive and technical documentation to guide decision-making.
Solution
We have developed a comprehensive project for Information Security, consisting of three pillars:
  1. IT Policy Design
    • General Data Security and Privacy Policy;
    • Policy on the Use of Equipment, Networks, and Laboratories;
    • Data Protection Policy (internal and external privacy);
    • Physical Security Policy.
  2. Infrastructure – Vulnerability & Penetration Testing
    • Vulnerability assessment and environment diagnostics.;
    • Active and passive testing of networks, hardware, databases, and applications;
    • Mapping security gaps and vulnerability metrics;
    • Attack simulations and detailed reports (Blue Team).
  3. WEB – Vulnerability & Penetration Testing
    • Web Application Vulnerability Assessment;
    • Compliance with PCI-DSS, GDPR, LGPD, OWASP, and HAPP;
    • Script testing, unauthorized access, and data manipulation;
    • Identification of critical risks such as DNS attacks and code injection.
Project Deliverables:
  • Information Security Policy;
  • Infrastructure and Application Vulnerability Report;
  • Environment Penetration Testing Report;
  • Executive Summary for Management.
Results
  • Implementation of a structured information security program;
  • Mapping and Mitigating Critical Vulnerabilities in systems and infrastructure;
  • Greater regulatory compliance, particularly the LGPD and healthcare industry regulations;
  • Dashboards and Executive Reports, supporting senior management in decision-making;
  • Strengthening Digital Governance, ensuring the protection of sensitive student and patient data.